This policy explains how Healthscope New Zealand manages the personal and health information of patients. It also describes the sorts of information held and why, as well as how that information is collected, held, used and disclosed.
This policy applies to all Healthscope facilities in New Zealand.
The Healthscope New Zealand policy on Privacy is:
Healthscope is committed to the right to privacy and the protection of personal and health information in accordance with privacy laws.
Introduction to privacy
Healthscope New Zealand ("Healthscope") incorporating Labtests, Wellington SCL, Northland Pathology, Southern Community Labs, Canterbury Labs (tbc) and Gribbles Veterinary, adheres to the Information Privacy Principles in the Privacy Act (NZ) 1993.
All new patients are to be provided with a copy of the Healthscope Privacy Brochure, as it is current from time to time, where possible and practicable to do so.
Dealing with Healthscope anonymously
Where it is lawful and practicable to do so, individuals may deal with Healthscope anonymously (e.g. when enquiring about services generally).
Why does Healthscope collect personal information?
If an individual is to receive or has received a service from Healthscope , Healthscope will collect and hold their personal information:
- To gain an understanding of the individual's needs so we may provide them with the required service and advice
- To contact the individual to provide advice or information in relation to the way in which the service will be or has been provided
- To improve the quality of a Healthscope service
- To administer and manage those services including charging, billing and collecting debts
- Where required by law
What personal information does Healthscope collect and hold?
The information collected may include an individual's:
- Date of birth
- Address (postal and email)
- Telephone numbers
- NHI, health fund and health insurance cover details
- Medical history, test results and other health information
- Other information necessary for Healthscope functions and activities
- Person to contact in case of emergency
How is personal information collected?
Healthscope will, if reasonable and practicable to do so, collect personal and health information directly from the individual concerned. This may take place when the individual fills out documents such as an admission form or an administrative form or when the individual gives Healthscope personal and health information in person or over the telephone. In the case of Pathology services, patient information is generally provided by the referring doctor on a request form.
Healthscope may collect personal and health information from third parties such as:
- An individual's health service provider
- A health professional who has treated the individual
- The individuals family
- Other sources where necessary to provide a health service
Disclosing personal information
Healthscope may disclose personal information for the purposes of:
- Continuity of care with other health service providers involved in the individual's treatment or diagnostic services
- Providing an individual with further information about treatment options
- Conveying information to a responsible person (e.g. parent, guardian, spouse) when the individual is incapable or cannot communicate, unless the individual has requested otherwise
- Conveying information to close family members in accordance with the recognised customs of medical practice
- Management, funding, service-monitoring, planning, evaluation and complaint handling
- Legislative and regulatory compliance
- In response to orders of a Court or tribunal
- Quality assurance or clinical audit activities
- Accreditation activities
- Health insurance funding
- Billing and debt recovery
- Addressing liability indemnity arrangements including reporting to the hospital's insurers and legal representatives
- Preparing the defence for anticipated or existing legal proceeding
- Research or the compilation or analysis of statistics relevant to public health and safety
- Activities directly related to the provision of health services to an individual where the individual would reasonably expect disclosure.
Healthscope will only provide personal and health information for the purposes of marketing and promotional activities with the individual's consent.
Trans-border data flows
We operate and communicate with organisations throughout New Zealand and overseas. Therefore some disclosures may occur outside the New Zealand. Healthscope will only disclose information to an organisation in a country which has a substantially similar privacy regime.
Using government identifiers
In certain circumstances we are required, to collect government identifiers such as NHI numbers. We will only use or disclose this information in accordance with the law.
Storing personal information
Healthscope stores personal and health information in different ways, including in paper and electronic form. The security of personal and health information is important to Healthscope and reasonable steps are taken to protect it from misuse or loss and from unauthorised access, modification or disclosure. Some of the ways this is done include:
- Requiring our staff to maintain confidentiality
- Implementing document storage security
- Imposing security measures for access to our computer systems
- Providing a secure environment and access control for confidential information
- Only allowing access to personal and health information where the individual seeking access has satisfied our identification requirements
Personal and health information is retained for the period of time determined by law and is disposed of in a secure manner.
Keeping personal information accurate and up to date
Healthscope takes all reasonable steps to ensure that the personal and health information it collects, uses and discloses is accurate, complete and up to date. However, the accuracy of that information depends largely on the quality of the information provided to Healthscope. It is therefore suggested that individuals:
- Let Healthscope know if there are any errors in their personal or health information
- Keep Healthscope up to date with changes to their personal information (e.g. their name and address)
- Individuals may do this by mail or email (see "Contacting Healthscope").
Accessing personal information
Individuals have a right to access their medical records subject to some exceptions allowed by law. Individuals can contact Healthscope to request access (see "Contacting Healthscope"). We may charge a fee for collating and providing access to personal and health information. In the case of Pathology services, it is recommended that patients obtain the information from the referring doctor.
Healthscope will disclose the medical record to an authorised personal representative or legal adviser where the individual has provided written authority, unless any of the legislative exceptions apply.
Healthscope is committed to protecting online privacy. In general, visits to Healthscope websites can be made without revealing any personal information.
Healthscope websites contain links to Web sites operated by third parties. Healthscope has no control over the privacy policies and practices of such third-party sites. When following links to other sites from a Healthscope website we recommend that you read the privacy statement of that site to familiarise yourself with its privacy practices.
Email addresses provided will only be used to provide the requested service or response to specific user queries and will not be added to any mailing lists, nor disclosed to any other party without users' knowledge and consent, unless required by law.
Healthscope may provide third parties with aggregate statistics about our visitors, traffic patterns and related site information. This data reflects site-usage and does not contain identifying information. Healthscope does not provide any third-party access to your personal information
Patient health information submitted electronically
The information about a visitor's access to a Healthscope website is distinct from a patient's health information which may, (for example, in the usage of the eHealth applications be sent or stored online).
If the Privacy Officer is not able to satisfactorily answer an individual's concerns, the individual may contact the Privacy Commissioner on freephone 0800 803 909 (or 09 302 8655 if you are calling from Auckland) or via e-mail at firstname.lastname@example.org
Individuals may ask any questions about privacy and the way Healthscope manages personal and health information, complain about the handling of their information or obtain a form requesting access to personal and health information by contacting the Privacy Officer or the Lab Manager of the Pathology service either by phone or in writing.
Author: Healthscope Privacy Officer
HSP Policy 2.23 Privacy
REVIEW / CONSULTATION
All Managers - Pathology NZ
National Manager Claims &